Russian ransomware gang claims it stole ‘classified and top secret documents’ from US intelligence
A Russian hacking group has claimed it infiltrated a tech company responsible for handling “classified and top secret” documents for US intelligence agencies.
BlackCat, also known as ALPHV, is threatening to sell off or release more than two dozen documents related to the Defense Counterintelligence and Security Agency, which carries out background investigations and insider threat analyses, if the tech firm Technica does not “contact us soon.”
Technica is a vet-owned company that works to “support the federal government and their mission to support, to defend and protect America’s citizens,” according to its website.
By infiltrating its systems, ALPHV claims it retrieved 300 gigabytes of data, including documents featuring Department of Defense employees' names, Social Security numbers, clearance levels, roles and work locations.
The screenshots also include billing invoices, contracts for the FBI and US Air Force, as well as information related to private companies that have contracted with the US government.
A motive for the attack remains unclear, and it is unknown whether the group is linked to the Kremlin.
The Post has also reached out to Technica for comment.
A Department of Defense spokesman, meanwhile, said the agency “is aware of the allegations of this incident and is coordinating with the appropriate law enforcement and security officials to address concerns.
“We will not comment on any cleared facility’s security posture or any specific security incidents,” the spokesman said in a statement to The Post.
But cybersecurity experts warn that the federal government should take the threat seriously.
“Even if these aren’t classified documents per se, there is a lot of sensitive data that can be garnered from even confidential or sensitive documents,” Allan Liska, a ransomware researcher at Recorded Future, told Cyberscoop.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, also said: “Incidents like this shouldn’t be considered in isolation.
“Exfiltrated data can be combined with information obtained in other attacks and from other sources, so breaches can be more significant than they may seem,” he explained to the Daily Dot.
Making matters more dangerous, Liska said, the information “could be used by nation state actors for targeting.”
ALPHV’s attack came as FBI Director Chris Wray warned lawmakers on Wednesday that Chinese hackers could “wreak havoc” on critical US infrastructure.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real world harm to American citizens and communities if and when China decides the time has come to strike,” Wray told the House Select Committee on the Chinese Communist Party.
“To quantify what we’re up against, the PRC has a bigger hacking program than that of every major nation combined,” the FBI director said.
“In fact, if you took every single one of the FBI cyber agents and intelligence analysts and focus them exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50-to-1.”
He went on to describe the PRC’s hacking efforts as part of the communist country’s “multi-pronged assault on our national and economic security,” which he called “the defining threat of our generation.”